
ssl_ems_unittest.cc (3991B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #include "secerr.h"
      8 #include "ssl.h"
      9 #include "sslerr.h"
     10 #include "sslproto.h"
     11 
     12 #include "gtest_utils.h"
     13 #include "nss_scoped_ptrs.h"
     14 #include "tls_connect.h"
     15 #include "tls_filter.h"
     16 #include "tls_parser.h"
     17 
     18 namespace nss_test {
     19 
// Baseline for the extended master secret extension (EMS, RFC 7627): a full
// handshake with EMS enabled, followed by a session-ID resumption with EMS
// enabled again. EMS binds the master secret to the handshake transcript, so a
// resumed session must keep offering it.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecret) {
  // Fixture-level call; presumably enables EMS on both client_ and server_
  // (compare the client_->/server_-> variants used further down) — confirm.
  EnableExtendedMasterSecret();
  Connect();
  Reset();
  ExpectResumption(RESUME_SESSIONID);
  // EMS is enabled again after Reset(); NOTE(review): this suggests the option
  // does not survive Reset() — verify against the fixture.
  EnableExtendedMasterSecret();
  Connect();
}
     28 
// EMS with a cipher suite whose PRF hash is SHA-384 rather than SHA-256. The
// EMS session hash is computed with the suite's PRF hash, so this covers the
// non-default hash path. Runs on the TLS 1.2 fixture only.
TEST_P(TlsConnectTls12, ConnectExtendedMasterSecretSha384) {
  EnableExtendedMasterSecret();
  // Only the server is restricted to the single suite; the client's list is
  // left untouched here.
  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
  // Presumably connects and verifies that this suite was negotiated — confirm
  // against the fixture.
  ConnectWithCipherSuite(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
}
     34 
// EMS combined with static RSA key exchange: the cipher list is narrowed to
// static RSA suites before EMS is enabled, then a single full handshake runs.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretStaticRSA) {
  EnableOnlyStaticRsaCiphers();
  EnableExtendedMasterSecret();
  Connect();
}
     40 
// EMS full handshake followed by a session-ID resumption.
// NOTE(review): despite the name, nothing visible here restricts the cipher
// list to ECDHE suites; the body makes the same calls as
// ConnectExtendedMasterSecret, differing only in the order of the two setup
// calls before the second Connect(). Presumably this relies on the fixture's
// default suite being ECDHE — confirm, or pin the suite explicitly.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretECDHE) {
  EnableExtendedMasterSecret();
  Connect();

  Reset();
  EnableExtendedMasterSecret();
  ExpectResumption(RESUME_SESSIONID);
  Connect();
}
     50 
// EMS with session-ticket resumption: the EMS state of the original session
// has to be carried through the ticket for the resumed handshake to succeed.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretTicket) {
  // The two arguments are presumably the client and server resumption modes,
  // in that order — confirm against ConfigureSessionCache's declaration.
  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
  EnableExtendedMasterSecret();
  Connect();

  Reset();
  // Cache configuration and EMS are both re-applied after Reset().
  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);

  EnableExtendedMasterSecret();
  ExpectResumption(RESUME_TICKET);
  Connect();
}
     63 
// Only the client enables EMS. The connection is still expected to complete,
// but without EMS being negotiated. Without the REQUIRE_EMS policy EMS is
// therefore opportunistic: a peer that does not support it gets a session
// whose master secret is not bound to the handshake transcript.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretClientOnly) {
  client_->EnableExtendedMasterSecret();
  ExpectExtendedMasterSecret(false);
  Connect();
}
     69 
// Mirror of the client-only case: only the server enables EMS, the client does
// not. The connection is expected to complete without EMS being negotiated.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretServerOnly) {
  server_->EnableExtendedMasterSecret();
  ExpectExtendedMasterSecret(false);
  Connect();
}
     75 
// Downgrade check on resumption: the first session is established with EMS,
// then the client comes back without EMS enabled. The server must refuse with
// a handshake_failure alert instead of resuming or silently dropping EMS; this
// matches the RFC 7627 rule for abbreviated handshakes.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretResumeWithout) {
  EnableExtendedMasterSecret();
  Connect();

  Reset();
  // Only the server re-enables EMS; the client is left at its post-Reset()
  // state, presumably EMS off while still offering the cached session.
  server_->EnableExtendedMasterSecret();
  // NOTE(review): unlike the policy tests below, no CheckErrorCode() follows,
  // so only the alert is pinned, not the error either side reports.
  ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
}
     84 
// Upgrade check on resumption: the first session is established without EMS,
// then both sides enable EMS. The legacy session must not be resumed; the
// expected outcome is a full handshake (RESUME_NONE), so the old master secret
// is not reused under an EMS connection.
TEST_P(TlsConnectGenericPre13, ConnectNormalResumeWithExtendedMasterSecret) {
  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
  ExpectExtendedMasterSecret(false);
  Connect();

  Reset();
  // ConfigureSessionCache() is not repeated after Reset() here, unlike in the
  // ticket test — presumably session-ID caching is the fixture default; verify.
  EnableExtendedMasterSecret();
  ExpectResumption(RESUME_NONE);
  Connect();
}
     95 
// Positive case for the REQUIRE_EMS policy: both peers set the policy and both
// enable EMS, so the handshake is expected to succeed.
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretWithPolicy) {
  // Presumably SetPolicy(oid, flags-to-set, flags-to-clear): sets
  // NSS_USE_ALG_IN_SSL_KX on SEC_OID_TLS_REQUIRE_EMS and clears nothing —
  // confirm against the TlsAgent helper.
  server_->SetPolicy(SEC_OID_TLS_REQUIRE_EMS, NSS_USE_ALG_IN_SSL_KX, 0);
  client_->SetPolicy(SEC_OID_TLS_REQUIRE_EMS, NSS_USE_ALG_IN_SSL_KX, 0);
  EnableExtendedMasterSecret();
  Connect();
}
    102 
// The server requires EMS by policy but neither side enables the extension.
// The server is expected to send handshake_failure and to report
// SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, i.e. the policy fails closed.
TEST_P(TlsConnectGenericPre13, ConnectNoExtendedMasterSecretWithServerPolicy) {
  server_->SetPolicy(SEC_OID_TLS_REQUIRE_EMS, NSS_USE_ALG_IN_SSL_KX, 0);
  ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
  server_->CheckErrorCode(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET);
}
    108 
// The client requires EMS by policy but neither side enables the extension.
// The failure is expected on the client side only, with
// SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET as the client's error code.
TEST_P(TlsConnectGenericPre13, ConnectNoExtendedMasterSecretWithClientPolicy) {
  client_->SetPolicy(SEC_OID_TLS_REQUIRE_EMS, NSS_USE_ALG_IN_SSL_KX, 0);
  // One-sided failure: only the client's error is pinned below; what the
  // server observes is not asserted in this test.
  ConnectExpectFailOneSide(TlsAgent::CLIENT);
  client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET);
}
    114 
// The server requires EMS by policy and enables it; the client does not enable
// it ("NoExtendedMasterSecretClient"). The server is expected to reject the
// handshake with handshake_failure and
// SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET rather than fall back to a legacy
// master secret.
TEST_P(TlsConnectGenericPre13, ConnectNoExtendedMasterSecretClientWithPolicy) {
  server_->SetPolicy(SEC_OID_TLS_REQUIRE_EMS, NSS_USE_ALG_IN_SSL_KX, 0);
  server_->EnableExtendedMasterSecret();
  ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
  server_->CheckErrorCode(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET);
}
    121 
// The client requires EMS by policy and enables it; the server does not enable
// it ("NoExtendedMasterSecretServer"). The client is expected to fail the
// handshake with SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET rather than accept a
// session without EMS.
TEST_P(TlsConnectGenericPre13, ConnectNoExtendedMasterSecretServerWithPolicy) {
  client_->SetPolicy(SEC_OID_TLS_REQUIRE_EMS, NSS_USE_ALG_IN_SSL_KX, 0);
  client_->EnableExtendedMasterSecret();
  ConnectExpectFailOneSide(TlsAgent::CLIENT);
  client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET);
}
    128 
    129 }  // namespace nss_test